Transcription of Microcontrollers Functional Safety Packages
Slide 1: Functional Safety packages (STM32 MCUs and MPUs, STM8 MCUs)

"If only I could speed up the design time of Safety-certified systems." This is where we come in: free Safety Packages for STM32 and STM8, with an ecosystem of ST Authorized Partners.

With its Functional Safety Packages, based on robust built-in MCU/MPU Safety features, ST provides a comprehensive set of certified software libraries and documentation that lets manufacturers significantly reduce the development effort, time and cost needed to achieve Functional Safety standard certifications.
Slide 2: Achieve Functional Safety certification with ST MCUs and MPUs
- SIL Functional Safety Package for industrial IEC 61508 (STM32)
- ASIL Functional Safety Package for automotive ISO 26262 (STM8A)
- Class B Functional Safety Package for household electrical appliances IEC 60335-1/60730-1 (STM32 and STM8)

Slide 3: STM32 built-in Safety features

Slide 4: STM32 built-in Safety features
- Dual watchdogs: independent watchdog and system window watchdog
- Backup clock circuitry with clock security system (CSS)
- Supply monitoring (POR, BOR, PVD)
- I/O function locking
- PWM critical register protection with write-once registers (except on STM32L0/L1)
- Memory protection unit (MPU) with 8 or 16 regions to protect data integrity against invalid behaviour (except on STM32F0)
- Built-in Safety features of the Cortex-M cores (dual stack pointer, fault exceptions, debug module) (1)

Other features, per series (table columns: F0, F1, G0, F3, G4, F2/F4, F7, H7, L0/L1, L4/L4+, L5, U5, WB, WL, MP1):
- Number of hardware CRC units: 1 on every series listed, 2 on the STM32MP1
- Programmable polynomial in CRC unit (1)
- Multiple Flash memory protection levels
- PWM stop on core lockup
- Parity bit for SRAM memory (1 bit/byte)
- ECC (SECDED) for SRAM
- ECC (SECDED) for Flash memory
Availability of these remaining features depends on the series (see the table in the original slide).
(1) Depending on part number

Slide 5: SIL Functional Safety Package

Slide 6: SIL Functional Safety package for STM32
Reduce time and cost to build STM32-based systems certified to the IEC 61508 industrial Safety standard (comparison: without Package versus with Package). ST provides a complete
certified offering to:
- lower project costs
- reduce design complexity
- ease SIL certification assessment

Slide 7: SIL Functional Safety for STM32: Safety documentation
- Safety manuals: detailed list of Safety requirements (conditions of use) and examples to guide STM32 users to achieve Safety integrity level certification in compliance with IEC 61508. Available at STM32 series level for free download.
- FMEA: detailed list of MCU/MPU failure modes and the related mitigation measures adopted. Available on demand at STM32 series level (*).
- FMEDA: static snapshot reporting IEC 61508 failure rates, computed at both MCU/MPU and basic-function detail level. Available on demand at STM32 series level (*)(**).
(*) Submitted to NDA. (**) The FMEDA snapshot is generated for a specific set of part numbers.

Slide 8: SIL Functional Safety package for STM32: X-CUBE-STL self-test libraries
- Software-based diagnostic suite designed to detect random hardware failures in Safety-critical STM32 core components (CPU, SRAM, Flash memory)
- Diagnostic coverage verified by ST's state-of-the-art proprietary fault injection methodology
- Application independent: can potentially be used in any end-customer application
- Compiler independent: delivered as object code
- Certified by TÜV Rheinland (1): IEC 61508 SC3 compliant
- Provided with Safety manual and user guide (2)
(1) The original certificate and the updated list of certified software versions can be downloaded from the TÜV Rheinland websites.
(2) Submitted to NDA.

Slide 9: ST Functional Safety methodology (diagram)
Diagram elements: Certified STM32 Self-test Library (X-CUBE-STL); STM32 Safety Documentation; IEC 61508-compliant software development; IEC 61508-compliant Safety analysis; STM32 Design Database.
ST builds Functional Safety solutions for its STM32 Arm Cortex-M microcontroller family, including detailed and accurate Safety analyses supported by verification activities based on state-of-the-art fault injection methods.

Slide 10: Achieve SIL2/SIL3 with STM32
- SIL2 achievable with a single STM32 (1oo1 architecture)
- SIL3 achievable with two STM32 (1oo2 architecture)
1oo1: 1 out of 1 MCU (no redundancy). 1oo2: 1 out of 2 MCUs (1 redundant system).

Slide 11: STM32 Safety Concepts

Slide 12: STM32 Safety Concepts
- STM32 MCU, single Cortex-M core: refer to the STM32F0, F1, F2, F3, F4, F7, H7 single-core, G0, G4, L0, L1, L4/L4+, L5 and U5 Safety manuals for details. TÜV Rheinland single-core certificate.
- STM32 MCU, dual Cortex-M core (new): refer to the STM32H7 dual-core and STM32WL5x dual-core Safety manuals for details. TÜV Rheinland dual-core certificate.
- STM32MP1 MPU, dual Cortex-A7 and Cortex-M4 (new): refer to the STM32MP1 Safety manual for details. TÜV Rheinland dual-core certificate.

Slide 13: STM32 MCU dual Cortex-M core Safety Concept
Two possible schemes for acquisition, execution and transfer of the result (diagram labels: PEi1, PEi12, PEi2, PEc1/CPU1, PEc2/CPU2, PEo1, PEo2):
- Individual scheme: each CPU implements a specific Safety function (SF1(s) on CPU1, SF2(s) on CPU2), with no collaboration.
- Collaborative scheme: the two CPUs collaborate in the implementation of the same Safety function SF(s).
Legend: PEi = input processing element; PEc = computation processing element; PEo = output processing element; SF(s) = one or multiple Safety functions.
More details in UM2840 (STM32H7 dual-core Safety manual) and UM2814 (STM32WL5x dual-core Safety manual).

Slide 14: STM32MP1 MPU dual Cortex-A7 and Cortex-M4 Safety Concept
- Safe partition: Cortex-M4 at 209 MHz with dedicated RAM and peripherals
- Non-safe partition: Cortex-A7 at up to 800 MHz
- Safety function implementation confined to the Cortex-M4 real-time side
- Hardware- and software-based separation
- Execution of the self-test library (X-CUBE-STL for STM32MP1)
- Coexistence with non-Safety-related software on the Cortex-A7 (Linux) is possible
More details in UM2714 (STM32MP1 Series Safety manual).

Slide 15: ASIL Functional Safety Package
STM8A-SafeASIL Functional Safety Package (diagram: ST Quality foundations + Product Portfolio; MCU Safety Features; Safety documentation; Specification for Self-Test Library; ASIL A/B).
Reduce time and cost to build STM8A-based systems certified to the ISO 26262 automotive Functional Safety standard.

Slide 16: STM8A Safety documentation
- Safety manual: detailed list of Safety requirements and examples to support STM8AF and STM8AL use in applications that need to fulfil Functional Safety requirements as defined by automotive Safety integrity level ASIL B of ISO 26262. Available for the STM8AF and STM8AL series for free download.
- FMEA: detailed list of MCU failure modes and the related mitigation measures adopted. Available on demand for STM8AF and STM8AL (*).
- FMEDA: static snapshot reporting ISO 26262 failure rates, computed at both MCU and basic-function detail levels. Available on demand for STM8AF and STM8AL (*).
(*) Submitted to NDA; ask your local ST contact.

Slide 17: STM8A-SafeASIL specification for self-test library
Full list of detailed Safety requirements enabling STM8AF and STM8AL users to realize, in the framework of their ISO 26262-compliant software development process, the software Self-test Library required by the STM8AF or STM8AL Safety Manual to support applications up to ASIL B. The quality of the specification document allows its direct use in a development process compliant with ISO 26262-6. The specification includes the evidence and rationale behind the generation of the Safety requirements, for the completeness of the end-user Safety case.
Available on demand for the STM8AF and STM8AL series (*). (*) Submitted to NDA; ask your local ST contact.
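The following C program is an added example written for this page (editor's code, not ST's X-CUBE-STL, the STM8A self-test library specification or any certified library). It models on a host PC the combination that slides 8, 10 and 17 describe: a software self-test pass over Flash (CRC of the image against a stored reference) and SRAM (a March C- pattern test), wrapped in a 1oo2 comparator that accepts an output only when both channels pass their diagnostics and agree. Everything in it is an assumption for illustration: the function and type names are hypothetical, the firmware image and the SRAM fault model (a stuck-at-1 bit that can be injected into one channel, echoing the fault injection idea on slides 8 and 9) are constructed for the demo, and the CRC is the MSB-first CRC-32 variant with polynomial 0x04C11DB7, chosen as a generic stand-in for the hardware CRC unit listed on slide 4 rather than as a claim about any particular device's register configuration.

```c
/* Added example (editor's code, not from ST): host-side reference model of a
 * 1oo2 architecture whose two channels run STL-style diagnostics (Flash image
 * CRC, SRAM march test) before a comparator accepts their result.
 * All names are hypothetical; image and fault model are constructed for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define POLY_CRC32 0x04C11DB7u   /* assumed default polynomial; programmable below */

/* MSB-first CRC-32, init 0xFFFFFFFF, no reflection, no final XOR
 * (the CRC-32/MPEG-2 variant when POLY_CRC32 is used). The polynomial is a
 * parameter, mirroring the "programmable polynomial" CRC units in the table. */
uint32_t crc32_msb(const uint8_t *data, size_t len, uint32_t poly)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= (uint32_t)data[i] << 24;
        for (int b = 0; b < 8; b++)
            crc = (crc & 0x80000000u) ? (crc << 1) ^ poly : (crc << 1);
    }
    return crc;
}

/* Flash diagnostic: the reference CRC is computed at build time and stored
 * alongside the image; at run time the image is re-hashed and compared. */
typedef struct { const uint8_t *image; size_t len; uint32_t reference_crc; } flash_region_t;

bool flash_self_test(const flash_region_t *r)
{
    return crc32_msb(r->image, r->len, POLY_CRC32) == r->reference_crc;
}

/* SRAM model with an optional injected stuck-at-1 bit (constructed fault
 * model) so the march test's detection can be exercised on a host. */
typedef struct { uint32_t *cells; size_t words; size_t stuck_index; uint32_t stuck_mask; } sram_model_t;

static uint32_t sram_read(const sram_model_t *m, size_t i)
{
    return (i == m->stuck_index) ? (m->cells[i] | m->stuck_mask) : m->cells[i];
}
static void sram_write(sram_model_t *m, size_t i, uint32_t v) { m->cells[i] = v; }

/* March C- element sequence: {w0}, up{r0,w1}, up{r1,w0}, down{r0,w1},
 * down{r1,w0}, {r0}. Detects stuck-at and many coupling faults. Destructive:
 * a real library runs it at startup or on a saved copy of the region. */
bool sram_self_test(sram_model_t *m)
{
    const uint32_t Z = 0x00000000u, F = 0xFFFFFFFFu;
    size_t i;
    for (i = 0; i < m->words; i++) sram_write(m, i, Z);
    for (i = 0; i < m->words; i++) { if (sram_read(m, i) != Z) return false; sram_write(m, i, F); }
    for (i = 0; i < m->words; i++) { if (sram_read(m, i) != F) return false; sram_write(m, i, Z); }
    for (i = m->words; i-- > 0;)   { if (sram_read(m, i) != Z) return false; sram_write(m, i, F); }
    for (i = m->words; i-- > 0;)   { if (sram_read(m, i) != F) return false; sram_write(m, i, Z); }
    for (i = 0; i < m->words; i++) if (sram_read(m, i) != Z) return false;
    return true;
}

/* One channel = one MCU of the 1oo2 scheme: its Flash, its SRAM and its copy
 * of the safety function SF(s). */
typedef struct { const flash_region_t *flash; sram_model_t *sram; int32_t (*sf)(int32_t); } channel_t;
typedef enum { VOTE_VALID = 0, VOTE_DIAG_FAIL = 1, VOTE_MISMATCH = 2 } vote_status_t;

/* 1oo2 comparator: both channels must pass their diagnostics and agree;
 * anything else is reported so the application can drive the safe state. */
vote_status_t vote_1oo2(channel_t *a, channel_t *b, int32_t input, int32_t *out)
{
    if (!flash_self_test(a->flash) || !sram_self_test(a->sram) ||
        !flash_self_test(b->flash) || !sram_self_test(b->sram))
        return VOTE_DIAG_FAIL;
    int32_t ra = a->sf(input), rb = b->sf(input);
    if (ra != rb) return VOTE_MISMATCH;
    *out = ra;
    return VOTE_VALID;
}

/* Constructed sample: a tiny "image" and a threshold-type safety function
 * (over-limit trip) duplicated on both channels. */
static const uint8_t sample_image[] = "constructed firmware image";
static int32_t trip_if_over_limit(int32_t t) { return t > 100 ? 1 : 0; }

/* Runs the model once; a non-zero mask injects a stuck bit into channel B's SRAM. */
vote_status_t demo_run(uint32_t injected_stuck_mask, int32_t input, int32_t *out)
{
    flash_region_t fl = { sample_image, sizeof sample_image,
                          crc32_msb(sample_image, sizeof sample_image, POLY_CRC32) };
    uint32_t ram_a[8], ram_b[8];
    sram_model_t sa = { ram_a, 8, 0, 0 }, sb = { ram_b, 8, 3, injected_stuck_mask };
    channel_t a = { &fl, &sa, trip_if_over_limit }, b = { &fl, &sb, trip_if_over_limit };
    return vote_1oo2(&a, &b, input, out);
}

int main(void)
{
    int32_t out = -1;
    vote_status_t ok = demo_run(0, 120, &out);
    printf("no fault: status %d, output %d\n", (int)ok, (int)out);
    vote_status_t bad = demo_run(0x00000010u, 120, &out);
    printf("stuck bit in channel B: status %d\n", (int)bad);
    return 0;
}
```

Compiled with any C99 compiler, the first run reports status 0 (valid, trip output 1 for an input of 120 against the limit of 100) and the second, with a stuck bit injected into channel B's SRAM, reports status 1, which is the point at which a real application would drive its safe state. The march test is run at every vote here only to keep the demo short; a production library runs it at startup or over a saved copy and schedules the Flash CRC in the background so that each diagnostic completes within the process safety time.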